
Re: Got 10 VestaCP servers exploited

Posted: Thu Apr 12, 2018 5:26 pm
by wildwolf
As far as I can tell, for that vulnerability to be exploited, you need to be logged into RoundCube.

Moreover, the traces will be visible in the web server access log, since commands are injected into the query string.
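Added example, not part of the original post or of VestaCP/Roundcube code: one way to hunt an access log for the kind of traces described above, by decoding query-string values on webmail requests and flagging shell metacharacters. The combined log format, the `/webmail` path prefix, the `_opt` parameter and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Start of a common/combined log line: ip - user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Shell metacharacters that should not appear in a decoded webmail parameter value.
SHELL_RE = re.compile(r'[;|`]|\$[({]|&&')

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding, a common way to slip past naive filters."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines, path_prefix="/webmail"):
    """Return one record per request whose query string carries shell syntax."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, when, method, target, status = m.groups()
        path, _, query = target.partition("?")
        if not path.startswith(path_prefix) or not query:
            continue
        # parse_qsl splits on '&' and decodes once; decode_fully handles the rest.
        for name, value in parse_qsl(query, keep_blank_values=True):
            decoded = decode_fully(value)
            if SHELL_RE.search(decoded):
                hits.append({"ip": ip, "time": when, "status": status,
                             "param": name, "decoded": decoded})
                break
    return hits

# Constructed sample lines (documentation IP ranges, made-up parameter name).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Apr/2018:17:01:02 +0000] "GET /webmail/?_task=mail&_mbox=INBOX HTTP/1.1" 200 5120',
    '198.51.100.9 - - [12/Apr/2018:17:03:44 +0000] "GET /webmail/?_task=settings&_opt=x%3Bid HTTP/1.1" 200 812',
    '198.51.100.9 - - [12/Apr/2018:17:03:51 +0000] "GET /webmail/?_opt=x%2560uname%2560 HTTP/1.1" 200 812',
    '192.0.2.33 - - [12/Apr/2018:17:05:10 +0000] "GET /index.php?q=a%3Bb HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Hits are leads for review, not proof of compromise: correlate the source IP and timestamp with the session and authentication logs before drawing conclusions.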

Re: Got 10 VestaCP servers exploited

Posted: Thu Apr 12, 2018 6:37 pm
by lukapaunovic
If archive vulnerability has been fixed and roundcube is being updated from the repo then there's no sense in disabling it now, right?

Re: Got 10 VestaCP servers exploited

Posted: Thu Apr 12, 2018 6:57 pm
by dpeca
lukapaunovic wrote:
Thu Apr 12, 2018 6:37 pm
If archive vulnerability has been fixed and roundcube is being updated from the repo then there's no sense in disabling it now, right?
And CentOS already has Roundcube 1.3.6 in yum repo?

Re: Got 10 VestaCP servers exploited

Posted: Thu Apr 12, 2018 7:04 pm
by yoko eagle
Hi,
Is this security fix for Roundcube already included in the latest vesta version?
Or do I have to install it separately?
Can anyone guide me, please?
Thanks!

Re: Got 10 VestaCP servers exploited

Posted: Thu Apr 12, 2018 7:05 pm
by imperio
dpeca wrote:
Thu Apr 12, 2018 6:57 pm
lukapaunovic wrote:
Thu Apr 12, 2018 6:37 pm
If archive vulnerability has been fixed and roundcube is being updated from the repo then there's no sense in disabling it now, right?
And CentOS already has Roundcube 1.3.6 in yum repo?
Yes

Re: Got 10 VestaCP servers exploited

Posted: Thu Apr 12, 2018 8:14 pm
by kandalf
But the hack was done through Roundcube?
Did anyone already reproduce the hack?

Re: Got 10 VestaCP servers exploited

Posted: Thu Apr 12, 2018 8:29 pm
by lukapaunovic
No & no

Re: Got 10 VestaCP servers exploited

Posted: Fri Apr 13, 2018 7:06 am
by vishne0
Just to update you all: I have been running updated Vesta on a different port, with all the other security settings on the server, for the last 3 days, and no infection yet.

Re: Got 10 VestaCP servers exploited

Posted: Fri Apr 13, 2018 4:04 pm
by rlasmar
I wasn't hacked.

I have had vestacp installed for 1 year on digitalocean, and I didn't install mail (exim,dovecot,spamassim,clamav). Maybe that is the reason that I am not hacked.

At the moment of attack, I was using vesta Version 0.9.8-17.

Re: Got 10 VestaCP servers exploited

Posted: Fri Apr 13, 2018 5:55 pm
by homicide
rlasmar wrote:
Fri Apr 13, 2018 4:04 pm
I wasn't hacked.

I have had vestacp installed for 1 year on digitalocean, and I didn't install mail (exim,dovecot,spamassim,clamav). Maybe that is the reason that I am not hacked.

At the moment of attack, I was using vesta Version 0.9.8-17.
I only have 2 dedicated servers, they are in different data centers. The one that got hacked had exim/dovecot/spam/clam enabled (every service was enabled). The one that did not get hacked did not have any of those services enabled. Coincidence?

As for ports, both had the panel on the default 8083. As for Vesta software, both were on 0.9.8-19. One difference was that the hacked server was running CentOS 7 while the server that was not hacked had CentOS 6.9.